Banking And InsuranceCryptocurrencyDigital MarketingErpFood And BeveragesHealthcareLegalMarketing And AdvertisingMedia And EntertainmentMetals And MiningOil And GasRetailTelecom
Artificial IntelligenceBig DataCloudCyber SecurityE CommerceEducationGaming And VfxIT ServiceMobileNetworkingSAPScience And TechnologySecuritySoftwareStorage
CiscoDatabaseGoogleIBMJuniperM2MMicrosoftOracleOracleRed Hat
CEO ReviewCompany Review

The Silicon Review Asia

Grammarly Contaminated with a High Severity Bug

Grammarly Contaminated with a High Severity Bug

More embarrassing than just misspelled words - A critical blemish was found in the Chrome and Firefox browser extension of the English language writing-enhancement platform, Grammarly. The bug was nothing a gaping security hole on the Grammarly browser extension, that left about 22 million users’ accounts, including personal documents and records, vulnerable to remote hackers.

Reported on February 2 by Tavis Ormandy of Google Project Zero, the bug is of high severity. According to Tavis, any website that a Grammarly user visits could steal the authentication tokens, which is more than enough to gain access to user's account and take control of everything without permission. And the worst part is that the remote attackers could do this with just 4 lines of JavaScript code. Tavis has also provided a proof-of-concept (PoC) exploit in his vulnerability report explaining how easily a hacker can make use of this serious flaw to steal Grammarly user's access token.

“I am calling this a high severity bug as it seems like a pretty severe violation of user expectations,” Tavis said in his vulnerability report. "Users would never expect that visiting a site gives it permission to access documents or data they have typed into other sites.”

To secure all its users’ data, Grammarly quickly fixed the bug in the Chrome Web Store and Mozilla also confirmed that the Firefox version of the extension also rolled out to the users.

"We're continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor. This high severity bug didn’t affect the Grammarly Keyboard or Grammarly Microsoft Office add-on. The bug is fixed, and there is no action required by Grammarly users," a Grammarly spokesperson said.


Tariff plans will cost higher from the next financial year as telecom companies are gearing up to increase rates

The ongoing Covid pandemic had significantly increased the number of mobile and internet users worldwide. The high amount of usage is expected to drop...

Business Travelers to Stay at Singapore’s Changi Airport Bubble

Singapore’s open economy depends heavily on tourism and business. But its vibrant but small economy has been hurting as the circumstances due to...

Countries in Asia-Pacific are marching towards ‘green recovery’ amidst Covid-19 crisis

2020 has been an unforgettable year for many of us. The ongoing Covid crisis has reminded people that it is very important to have an uninterrupted an...

Department of Telecommunication to announce the new schedule for 5G trials

Department of Telecommunications (DoT) is all set to announce the new schedule for 5G trials. The Dot made this decision after being pulled by the par...